openssl

What Certificate Authority Software is Available?

I am running a number of SSL-encrypted websites, and need to generate certificates to run on these. They are all internal applications, so I don't need to purchase a certificate, I can create my own. I have found it quite tedious to do everything using openssl all the time, and figure this is the kind of thing that has probably been don...

Getting ASN.1 Issuer strings from PEM files?

I recently came across an issue with Windows 2003 (apparently it also exists in other versions too), where if an SSL/TLS server is requesting client certificate authentication and it has more than 16KB of trusted certificate DNs, Internet Explorer (or any other app that uses schannel.dll) is unable to complete the SSL handshake. (In a nu...

Easy expanation of setting up Openssl on Windows.

Hi, I really want to get the google Calendar Api up an running. I found a great article about how to get started. I downloaded the Zend GData classes. I have php 5 running on my dev box and all the exetensions should be loading. I cant get openssl running and recieve the following error when I try to run any of the example page which...

C# utility to create a CA

I'd like to create a utility in C# to allow someone to easily create a Certificate Authority (CA) in Windows. Any ideas/suggestions? I know I can use OpenSSL to do this. In the end, I'll want this utility to do more than just generate a CA. I'd also like to avoid requiring the installation of OpenSSL in order to run my utility. ...

Using openssl encryption with Java

Hi, I have a legacy C++ module that offers encryption/decryption using the openssl library (DES encryption). I'm trying to translate that code into java, and I don't want to rely on a DLL, JNI, etc... C++ code looks like: des_string_to_key(reinterpret_cast<const char *>(key1), &initkey); des_string_to_key(reinterpret_cast<const char *>...

Using openssl what does "unable to write 'random state'" mean?

I'm generating a self-signed SSL certificate to protect my server's admin section, and I keep getting this message from openssl: unable to write 'random state' What does this mean? A quick Google search yields nothing useful, so I thought I'd try out the new Stack Overflow! This is on an Ubuntu server. I have upgraded libssl to fix th...

Ruby on Rails: no such file to load -- openssl on RedHat Linux Enterprise

I am trying to do 'rake db:migrate' and getting the error message 'no such file to load -- openssl'. Both 'openssl' and 'openssl-devel' packages are installed. Others on Debian or Ubuntu seem to be able to get rid of this by installing 'libopenssl-ruby', which is not available for RedHat. Has anybody run into this and have a solution for...

Is it a problem if multiple different accepting sockets use the same OpenSSL context?

Is it OK if the same OpenSSL context is used by several different accepting sockets? In particular I'm using the same boost::asio::ssl::context with 2 different listening sockets. ...

Strange call stack, could it be problem in asio's usage of openssl?

I have this strange call stack and I am stumped to understand why. It seems to me that asio calls open ssl's read and then gets a negative return value (-37) . Asio seems to then try to use it inside the memcpy function. The function that causes this call stack is used hunderds of thousands of times without this error. It happens ...

Crypto/x509 certificate parsing libraries for Python (pyOpenSSL vs Python OpenSSL Wrappers vs...)

Hi! Any recommended crypto libraries for Python. I know I've asked something similar in http://stackoverflow.com/questions/143523/, but I should've split the question in two. What I need is the ability to parse X.509 Certificates to extract the information contained in them. Looking around, I've found two options: Python OpenSSL Wra...

How would you test an SSL connection?

I'm experimenting with OpenSSL on my network application and I want to test if the data sent is encrypted and can't be seen by eavesdropper. What tools can you use to check? Could this be done programmatically so it could be placed in a unit test? ...

"CURLE_OUT_OF_MEMORY" error when posting via https

I am attempting to write an application that uses libCurl to post soap requests to a secure web service. This windows application is built against libCurl version 7.19.0 which, in turn, is built against openssl-0.9.8i. The pertinent curl related code follows: FILE *input_file = fopen(current->post_file_name.c_str(), "rb"); FILE *out...

Self Signed Certificate in Windows without makecert?

We have a shrink wrap type Windows server application where we need to create a self signed certificate on the server to be used by some WCF web services. From our searches on the web, it appears that the makecert utility in the PlatformSDK from Microsoft cannot be distributed with our application, so we're looking for alternatives. ...

Building libcurl with SSL support on Windows

Hi, I'm using libcurl in a Win32 C++ application. I have the curllib.vcproj project added to my solution and set my other projects to depend on it. How do I build it with SSL support enabled? ...

How to deploying a self signed SSL certificate to multiple servers

I need to create a self signed SSL certificate and the install the same certificate on two different web servers. For this specific scenario I have two web servers (Win2K3 w/ II6) in a network load balanced configuration. I have installed the IIS resource tool kit and can use the SelfSSL tool to make a certificate. However my confusion...

How can I parse a Certificate Signing Request with Perl?

I want to use Perl to extract information from a Certificate Signing Request, preferably without launching an external openssl process. Since a CSR is stored in a base64-encoded ASN.1 format, I tried the Convert::PEM module. But it requires an ASN.1 description of the content, which I haven't been able to put together (ASN.1 being the be...

Opening an RSA private key from Ruby

I think I know how to create custom encrypted RSA keys, but how can I read one encrypted like ssh-keygen does? I know I can do this: OpenSSL::PKey::RSA.new(File.read('private_key')) But then OpenSSL asks me for the passphrase... How can I pass it to OpenSSL as a parameter? And, how can I create one compatible to the ones generated b...

Net::SSLeay post_https compilation error: Too many arguments

I'm interfacing with a payment gateway and not having any luck with Net::SSLeay and its post_https subroutine. The payment gateway has issued me a client certificate that must be used for authentication. The Net::SSLeay perldoc has the following example: ($page, $response, %reply_headers) = post_https('www.bacus.pt', 443, '/f...

Understanding engine initialization in OpenSSL

I'm trying to set up a basic test of HMAC-SHA-256 hashing but I'm having problems with the engine setup. Ideally I would like to set up only the HMAC-SHA-algorithm but so far I haven't even gotten the general case where load all the algorithms to work. Currently I'm getting segfaults on the row where I try to set the default digests. Al...

Programmatically Create X509 Certificate using OpenSSL

I have a C/C++ application and I need to create a X509 pem certificate containing both a public and private key. The certificate can be self signed, or unsigned, doesn't matter. I want to do this inside an app, not from command line. What OpenSSL functions will do this for me? Any sample code is a bonus! ...